On Sat, Nov 28, 2015 at 09:53:04PM +0100, Florian Westphal wrote: > nft monitor mode can then decode and display this trace data. > > Parts of LL/Network/Transport headers are provided as separate > attributes. > > Otherwise, printing IP address data becomes virtually impossible > for userspace since in the case of the netdev family we really don't > want userspace to have to know all the possible link layer types > and/or sizes just to display/print an ip address. > > We also don't want userspace to have to follow ipv6 header chains > to get the s/dport info, the kernel already did this work for us. > > To avoid bloating nft_do_chain all data required for tracing is > encapsulated in nft_traceinfo. > > The structure is initialized unconditionally(!) for each nft_do_chain > invocation. > > This unconditionall call will be moved under a static key in a > followup patch. > > With lots of help from Patrick McHardy and Pablo Neira. Nice work Florian, applied. > Acked-by: Patrick McHardy <kaber@xxxxxxxxx> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> BTW, I have inverted these two tags. IIRC they should show the timeline, ie. An ack comes after your original work (thus the signed-off-by). For patches I get acked myself that get through my tree, I keep the ack after by Signed-off-by tag. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
